Equifax Max ICO Fine
Equifax have been fined £500,000 for a breach that occurred between May and July 2017. 146 million records were compromised, including 15 million UK records. On 20th September 2018 the ICO issued the maximum fine under the Data Protection Act 1998 because there were multiple failings: lack of lawful consent, keeping data that should have been deleted, failing to adhere to their own encryption policy, and failing to patch a critical security weakness. This fine was small compared to the total cost of the breach (est. $300 million), but under GDPR the maximum fine could have been as high as £102 million.